#!/bin/bash
#设置kubeelet bootstrap
TOKEN_PUB={{ TOKEN_ID }}
TOKEN_SECRET={{ TOKEN_SECRET }}
BOOTSTRAP_TOKEN={{ BOOTSTRAP_TOKEN }}

kubectl -n kube-system create secret generic bootstrap-token-${TOKEN_PUB} \
        --type 'bootstrap.kubernetes.io/token' \
        --from-literal description="cluster bootstrap token" \
        --from-literal token-id=${TOKEN_PUB} \
        --from-literal token-secret=${TOKEN_SECRET} \
        --from-literal usage-bootstrap-authentication=true \
        --from-literal usage-bootstrap-signing=true



CLUSTER_NAME="kubernetes"
KUBE_USER="kubelet-bootstrap"
KUBE_CONFIG="bootstrap.kubeconfig"

# 设置集群参数
/usr/local/bin/kubectl config set-cluster ${CLUSTER_NAME} \
  --certificate-authority=/etc/kubernetes/sslcert/ca.pem \
  --embed-certs=true \
  --server={{ KUBE_APISERVER }} \
  --kubeconfig=/etc/kubernetes/sslcert/${KUBE_CONFIG}

# 设置上下文参数
/usr/local/bin/kubectl config set-context ${KUBE_USER}@${CLUSTER_NAME} \
  --cluster=${CLUSTER_NAME} \
  --user=${KUBE_USER} \
  --kubeconfig=/etc/kubernetes/sslcert/${KUBE_CONFIG}

# 设置客户端认证参数
/usr/local/bin/kubectl config set-credentials ${KUBE_USER} \
  --token=${BOOTSTRAP_TOKEN} \
  --kubeconfig=/etc/kubernetes/sslcert/${KUBE_CONFIG}


# 设置当前使用的上下文
/usr/local/bin/kubectl config use-context ${KUBE_USER}@${CLUSTER_NAME} --kubeconfig=/etc/kubernetes/sslcert/${KUBE_CONFIG}


#Bootstrap Token Auth 和授予权限
#授权 kubelet 可以创建 csr
#参考链接https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/06-4.kubelet.md
/usr/local/bin/kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --group=system:bootstrappers